Dubai skyline at golden hour featuring Burj Khalifa and DIFC towers — MAST UAE GRC and cybersecurity consulting.

Dubai · United Arab Emirates

UAE GRC, cybersecurity & compliance, delivered locally.

GRC and cybersecurity consulting in Dubai, Abu Dhabi and across the Emirates.

Book a UAE scoping call Explore services

120+: UAE engagements delivered
7: Emirates served
100%: First-pass certification rate

MAST in UAE

Local delivery, global standards.

From our Dubai office, MAST partners with banks, insurers, healthcare groups, government entities and technology operators to deliver ISO 27001, PCI DSS, ADHICS V2, CBUAE and SIA-aligned programmes — with Lead Auditors based in the UAE.

Regulators we cover

The UAE regulatory landscape we work in daily.

CBUAE

Central Bank of the UAE — information assurance & operational resilience.

SIA (formerly NESA)

UAE Information Assurance Standards for critical sectors.

ADHICS V2

Abu Dhabi Healthcare Information & Cyber Security standard.

DoH & DHA

Department of Health Abu Dhabi and Dubai Health Authority.

TDRA

Telecommunications & Digital Government Regulatory Authority.

ISR Dubai

Information Security Regulation for Dubai Government entities.

DFSA & FSRA

DIFC and ADGM financial-services authorities.

PDPL (Federal)

UAE Federal Personal Data Protection Law.

Services

What we deliver in UAE.

Each engagement is led by a senior consultant with sector experience in your jurisdiction.

ISO 27001 in the UAE

ISMS programmes for banks, government and healthcare across all 7 Emirates.

Learn more

PCI DSS v4.0 (UAE)

QSA-ready programmes for issuers, acquirers and payment processors.

Learn more

CBUAE, SIA & ADHICS

Sector-specific UAE regulatory programmes end-to-end.

Learn more

Cybersecurity Advisory

vCISO, SOC, red team and IR retainers from Dubai.

Learn more

VAPT (UAE)

CREST-led penetration testing across infrastructure, web, mobile and cloud.

Learn more

DFIR (UAE)

24×7 incident response with court-admissible forensics.

Learn more

UAE case studies

Recent UAE engagements — outcomes you can audit.

Anonymised snapshots of MAST delivery in your jurisdiction. Every engagement is sponsored by a named Lead Auditor.

BankingISO 27001:2022

Tier-1 UAE bank — ISMS certified across 9 entities in 14 weeks.

Built a unified ISMS spanning retail, corporate, Islamic and DIFC subsidiaries with a single Statement of Applicability covering 1,200 staff.

Time to certification: 14 wks
Major non-conformities: 0
Entities in scope: 9

Lead Auditor attribution

Anil Sahore

Lead Auditor — ISO 27001

CQI-IRCA · CISA · 35+ yrs

DeliveredQ3 2024 · Dubai + DIFC

HealthcareADHICS V2 · HIPAA

Abu Dhabi hospital network — ADHICS V2 attestation with unified evidence library.

Mapped ADHICS V2 against HIPAA and ISO 27001 to deliver one harmonised control set across 6 facilities and 40+ clinics.

Audit effort: −61%
Facilities covered: 6
Controls de-duplicated: 338

Lead Auditor attribution

MAST Healthcare Practice

Senior Consultant — ADHICS

ADHICS · ISO 27001 LA · CISM

DeliveredH1 2025 · Abu Dhabi

PaymentsPCI DSS v4.0

UAE payments processor — CDE scope cut by 68% before RoC.

Re-architected the cardholder data environment and tokenisation flows to remove 68% of in-scope systems prior to QSA assessment.

In-scope systems: −68%
QSA findings: 0 critical
Annual audit cost: −AED 1.4M

Lead Auditor attribution

MAST Payments Practice

Lead — PCI DSS

PCIP · QSA-aligned · 12+ yrs

DeliveredQ4 2024 · Dubai

GovernmentSIA · ISR Dubai

Dubai Government entity — ISR Level 4 attestation, first attempt.

Delivered ISR and SIA-aligned uplift across 80+ controls with full evidence pack and management-review readiness.

ISR maturity: L2 → L4
Controls remediated: 82
Attestation: First-pass

Lead Auditor attribution

MAST Public Sector

Lead — ISR / SIA

ISO 27001 LA · CISSP

DeliveredQ2 2025 · Dubai

Energy / OTIEC 62443 · SIA

UAE utility — OT/ICS segmentation and SOC integration.

Segmented Purdue levels 2–3, deployed OT-aware monitoring and integrated alerts into the enterprise SOC for a national utility.

Critical OT zones: 11 isolated
MTTD (OT incidents): −74%
SIA compliance: Achieved

Lead Auditor attribution

MAST OT Security

Principal — OT/ICS

IEC 62443 · GICSP · CISSP

Delivered2024–2025 · Abu Dhabi

FAQ

UAE delivery — common questions.

Do you have a UAE office?

Yes. Our regional headquarters is in Dubai and our consultants regularly work on-site in Abu Dhabi, Sharjah and across the Emirates.

Which UAE regulators do you cover?

CBUAE, SIA (formerly NESA), ADHICS V2, DoH, DHA, ISR, TDRA, DFSA, FSRA and the Federal PDPL — among others.

Can you support both onshore UAE and free-zone (DIFC, ADGM) entities?

Yes. We deliver programmes that satisfy onshore federal regulators as well as DFSA (DIFC) and FSRA (ADGM) requirements.

Speak with our UAE team

Local consultants. Lead Auditors. Fixed-fee proposals.

Tell us about your UAE programme — a senior consultant from MAST responds within one business day.